# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
pkgver=8.3_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=0
pkgdesc="Port of OpenBSD's free SSH release"
url="https://www.openssh.com/portable.html"
arch="all"
license="BSD"
options="!check suid" # FIXME: tests fails. disable for now
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="linux-pam-dev"
makedepends_host="openssl-dev zlib-dev libedit-dev linux-headers"
makedepends="$makedepends_build $makedepends_host"
# Add more packages support here e.g. kerberos
_pkgsupport=""
[ -z "$BOOTSTRAP" ] && _pkgsupport="pam"
subpackages="$pkgname-dbg
	$pkgname-doc
	$pkgname-keygen
	$pkgname-client
	$pkgname-keysign
	$pkgname-sftp-server:sftp
	$pkgname-server-common:server_common:noarch
	$pkgname-server
	"
for _flavour in $_pkgsupport; do
	subpackages="$subpackages $pkgname-server-$_flavour:_pkg_flavour"
done

source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$_myver.tar.gz
	fix-utmp.patch
	sftp-interactive.patch
	disable-forwarding-by-default.patch
	fix-verify-dns-segfault.patch

	sshd.initd
	sshd.confd
	"
# secfixes:
#   7.9_p1-r3:
#     - CVE-2018-20685
#     - CVE-2019-6109
#     - CVE-2019-6111
#   7.7_p1-r4:
#     - CVE-2018-15473
#   7.5_p1-r8:
#     - CVE-2017-15906
#   7.4_p1-r0:
#     - CVE-2016-10009
#     - CVE-2016-10010
#     - CVE-2016-10011
#     - CVE-2016-10012

builddir="$srcdir"/$pkgname-$_myver

prepare() {
	default_prepare
	for _flavour in $_pkgsupport; do
		cp -a "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-$_myver-$_flavour
	done
}

build() {
	export LD="$CC"
	export TEST_SSH_UTF8=no # utf8 test fails
	_configure_vanilla="./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc/ssh \
		--libexecdir=/usr/lib/ssh \
		--mandir=/usr/share/man \
		--with-pid-dir=/run \
		--with-mantype=doc \
		--with-ldflags='${LDFLAGS}' \
		--disable-lastlog \
		--disable-strip \
		--disable-wtmp \
		--with-privsep-path=/var/empty \
		--with-xauth=/usr/bin/xauth \
		--with-privsep-user=sshd \
		--with-md5-passwords \
		--with-ssl-engine \
		--with-libedit \
		"
	# now we build "vanilla" openssh
	_configure="$_configure_vanilla"
	for _flavour in $_pkgsupport; do
		_configure="$_configure --without-$_flavour"
	done
	msg "Building openssh..."
	eval "$_configure"
	make

	# now we build other openssh-$_flavour
	_configure="$_configure_vanilla"
	for _flavour in $_pkgsupport; do
		cd "$builddir-$_flavour"
		msg "Building openssh with $_flavour support..."
		eval "$_configure --with-$_flavour"
		make
	done
}

check() {
	make tests
}

package() {
	make DESTDIR="$pkgdir" install
	mkdir -p "$pkgdir"/var/empty
	install -D -m755 "$srcdir"/sshd.initd \
		"$pkgdir"/etc/init.d/sshd
	install -D -m644 "$srcdir"/sshd.confd \
		"$pkgdir"/etc/conf.d/sshd
	install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
		"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
	sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config
}

keygen() {
	pkgdesc="ssh helper program for generating keys"
	depends=
	install -d "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/ssh-keygen \
		"$subpkgdir"/usr/bin/
}

client() {
	pkgdesc="OpenBSD's SSH client"
	depends="openssh-keygen"
	install -d "$subpkgdir"/usr/bin \
		"$subpkgdir"/usr/lib/ssh \
		"$subpkgdir"/etc/ssh \
		"$subpkgdir"/var/empty

	mv "$pkgdir"/usr/bin/* \
		"$subpkgdir"/usr/bin/
	mv "$pkgdir"/etc/ssh/ssh_config \
		"$pkgdir"/etc/ssh/moduli \
		"$subpkgdir"/etc/ssh/
	install -Dm755 "$builddir"/contrib/findssl.sh \
		"$subpkgdir"/usr/bin/findssl.sh
	install -Dm755 "$builddir"/contrib/ssh-copy-id \
		"$subpkgdir"/usr/bin/ssh-copy-id
	install -Dm755	"$builddir"/ssh-pkcs11-helper \
		"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}

keysign() {
	pkgdesc="ssh helper program for host-based authentication"
	depends="openssh-client"
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
		"$subpkgdir"/usr/lib/ssh/
}

sftp() {
	pkgdesc="ssh sftp server module"
	depends=""
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/sftp-server \
		"$subpkgdir"/usr/lib/ssh/
}

server_common() {
	pkgdesc="OpenSSH server configuration files"
	depends=""
	for i in etc/ssh/sshd_config \
		etc/init.d/sshd \
		etc/conf.d/sshd; do

		install -d "$subpkgdir"/${i%/*}
		mv "$pkgdir"/$i \
			"$subpkgdir"/${i%/*}/

	done
}

server() {
	pkgdesc="OpenSSH server"
	depends="openssh-keygen openssh-server-common"
	cd "$builddir"
	install -d "$subpkgdir"/usr/sbin
	mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
}

_server() {
	cd "$builddir"
	install -d "$subpkgdir"/usr/sbin
	mv "$1"/sshd "$subpkgdir"/usr/sbin/
}

_pkg_flavour() {
	pkgdesc="OpenSSH server with $_flavour support"
	depends="openssh-keygen openssh-server-common"
	for _flavour in $_pkgsupport; do
		cd "$builddir"-$_flavour
		_server "$builddir"-$_flavour
	done
}

sha512sums="b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40  openssh-8.3p1.tar.gz
f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1  fix-utmp.patch
c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9  sftp-interactive.patch
8df35d72224cd255eb0685d2c707b24e5eb24f0fdd67ca6cc0f615bdbd3eeeea2d18674a6af0c6dab74c2d8247e2370d0b755a84c99f766a431bc50c40b557de  disable-forwarding-by-default.patch
b0d1fc89bd46ebfc8c7c00fd897732e67a6cda996811c14d99392685bb0b508b52c9dc3188b1a84c0ffa3f72f57189cc615a76b81796dd1b5f552542bd53f84d  fix-verify-dns-segfault.patch
8122ac1838586a1487dad1f70ed2ec8161ae57b4a7ee8bfef9757b590aa76a887a6c5e5f2575728da4c6c2f00d2a924360e23d84a4df204d7021b44b690cb2f8  sshd.initd
ec506156c286e5b28a530e9964dd68b7f6c9e881fbc47247a988e52a1f9cd50cbfaf4955c96774f9e2508d8b734c4abf98785fbaa75ae6249e3464b5495f1afc  sshd.confd"
